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DETAILED ACTION 

1 . This is a final office action in response to remarks filed on 14 July 2006. Claims 
30, 38, and 46 have been amended. Claims 26-29 were canceled. No new claims have 
been added. Claims 30-50 are pending. 

2. The text of those sections of Title 35, U.S. Code 103 not included in this action 
can be found in a prior Office action. 

Response to Arguments 

3. Applicant's arguments filed 14 July 2006 have been fully considered but they are 
not persuasive. 

Applicant argues Lim does not select an authentication methodology from 
"multiple authentication abilities." However, examiner does not rely on Lim for this 
limitation. Wood does teach selecting an authentication methodology from multiple 
authentication abilities (see col 11 lines 36-41), 

4. Applicant's other arguments with respect to claims 30-50 have been considered 
but are moot in view of the new ground(s) of rejection. 
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Claim Rejections - 35 USC § 103 

5. Claims 30-33, 35, 38-41. 43, and 46-49 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Wood et al. (U.S. Patent 6,691 .232), hereafter referred to as 
Wood, in view of Lim (U.S. Patent 6728,884). 

6. Regarding claim 30, Wood disclosed a method in a server computer of 
authenticating client computer systems, the method comprising: 

receiving an instruction that indicates an authentication methodology that is to be 
used to authenticate a client computer system {The login component supplies 
information relating to suitable authentication schemes, see col 11 lines 34-38), the 
authentication methodology being selected from multiple authentication methodologies 
based on authentication abilities indicating authentication methodologies that the client 
computer supports and access rights of the client computer system to access resources 
{The user logging in to the system is presented with suitable authentication schemes 
and selects one, see col 11 lines 36-41. An authentication scheme is deemed suitable 
when it meets or exceeds the required trust level in the current environment, see col 1 1 
lines 14-23, 31-33)] 

receiving a request from the client computer system to access a service of the 
server computer system; and {The user requests access to applications or information 
resources, see col 6 lines 1-4, col 11 lines 23-29) 

upon receiving the request from the client computer system to access a service 
of the server computer, authenticating the client computer system using the indicated 
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authentication methodology {The gatekeeper/entry handler component authenticates 
the user after the user enters its login credentials, see col 12 lines 25-50). 

Wood did not explicitly disclose the access request is received after the 
authentication instruction, however, Wood does state it is not necessary for the user to 
request access before determining suitable authentication methods (see col 11 lines 23- 
29). This implies the claimed order because requesting access to a resource is 
necessary before accessing the resource. 

Wood did not explicitly disclose a controlling client computer system containing 
authentication instructions, nor that the client computer system is a separate computer 
system from the controlling client system. However, in an analogous art, Lim disclosed 
a Registry Server 108 containing information on how a user should be authenticated 
(see col. 6 lines 11-19). Lim also disclosed the Authentication and Authorization 
Module 114 in the Access Server 106 used this authentication information to 
authenticate the user (see col. 5 line 61 - col. 6 line 10). These servers are not the 
same computer system as the client system. Figure 1 illustrates networks 102 separate 
the Information Access System 100 from the user's browser 103 and protected servers 
104. 

It would have been obvious to one of ordinary skill in this art at the time of 
invention to incorporate Lim's authentication instructions into Wood's authentication 
system to provide more details on how a user should be authenticated and thereby 
further improve system security. 
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7. Regarding clainn 31 , Wood-LIm disclosed the instruction indicates that multiple 
authentication methodologies can be used to authenticate the client computer system 
and wherein the client computer system is authenticated using one of the indicated 
authentication methodologies (see Wood col. 11 lines 30-67). 

8. Regarding claim 32, Wood-Lim disclosed the instruction indicates that the 
authentication methodology is to be used to authenticate multiple client computer 
systems and wherein the multiple client computer systems are authenticated using the 
indicated authentication methodology (see Wood col. 7 lines 35-40 plurality of client 
systems authenticate with the gatekeeper/entry handler component 110). 

9. Regarding claim 33, Wood-Lim disclosed the instruction indicates multiple 
authentication methodologies can be used to authenticate multiple client computer 
systems and wherein the multiple client computer systems are authenticated using one 
of the indicated authentication methodologies (see Wood col. 7 lines 35-40; col. 11 lines 
30-67; the user/client is allowed to choose credential types to be used to authenticate to 
the server, all the users can use a particular method of authentication, i.e. certificate 
authority). 

10. Regarding claim 35, Wood-Lim disclosed the authentication methodology is a 
basic HTTP authentication (col. 12 lines 25-30). 
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1 1 . Regarding claims 38-41 and 43, the claims are rejected for the same reasons as 
the rejections to claims 30-33 and 35 above respectively. 

12. Regarding claims 46-49, the claims are rejected for the same reasons as the 
rejections to claims 30-33 above respectively. 

13. Claims 34, 36-37, 42, 44-45. and 50 are reiected under 35 U.S.C. 103(a) as 
being unpatentable over Wood-Lim as applied to claims 30. 38, and 49 above, further in 
view of AAPA (Applicant Admitted Prior Art). 

14. Regarding claim 34 and 42, Wood-Lim disclosed the invention, substantially as 
claimed, as described in claims 30 and 38, but did not explicitly disclose an assertion 
authentication. 

However, AAPA disclosed assertion methodology is a way of authenticating 
between client and server (see for example AAPA specification pg 3 lines 1-3). It would 
have been obvious to one of ordinary skill in this art at the time of invention to combine 
the teachings of Wood-Lim and AAPA because the teaching of AAPA to allow assertion 
would improve the trust in between the two systems, as both sides agree to trust each 
other initially. Furthermore, Wood-Lim's system supports plurality of authentication 
methodologies, it would have been obvious to incorporate assertion methods with 
Wood-Lim to improve the functionality of Wood-Lim by allowing for more choices for 
authentication. 
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15. Regarding claims 36 and 44, Wood-Lim disclosed the invention, substantially as 
claimed, as described in claims 30 and 38, but did not explicitly disclose digest 
authentication. 

However, AAPA disclosed a digest method (see for example pg 3 lines 10-22). It 
would have been obvious to one of ordinary skill in this art at the time of invention to 
combine the teachings of Wood-Lim and AAPA, the rationale to combine is discussed in 
claims 34 and 42 above. 

16. Regarding claims 37 and 45, Wood-Lim disclosed the invention, substantially as 
claimed, as described in claims 30 and 38, but did not explicitly disclose an NTLM 
authentication. 

However, AAPA disclosed NTLM authentication method (see for example pg 3 
lines 23-24). It would have been obvious to one of ordinary skill in this art at the time of 
invention to combine the teachings of Wood-Lim and AAPA, the rational to combine is 
discussed in claims 34 and 42 above. 

17. Regarding claim 50, the claim is rejected for the same reasons as the rejection to 
the combination of claims 34-37 and 42-45 above. 

Conclusion 

18. Examiner's Note: Examiner has cited particular columns and line numbers in 
the references applied to the claims above for the convenience of the applicant. 
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Although the specified citations are representative of the teachings of the art and are 
applied to specific limitations within the individual clainn, other passages and figures 
may apply as well. It is respectfully requested from the applicant in preparing 
responses, to fully consider the references in entirety as potentially teaching. all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the Examiner. 

In the case of amending the claimed invention, Applicant is respectfully 
requested to indicate the portion(s) of the specification which dictate(s) the structure 
relied on for proper interpretation and also to verify and ascertain the metes and bounds 
of the claimed invention. 

19. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

20. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Angela Widhalm whose telephone number is (571) 272- 
1035. The examiner can normally be reached M-F, 8:30 am - 5:00 pm. If attempts to 
reach the examiner by telephone are unsuccessful, the examiner's supervisor, Bunjob 
Jaroenchonwanit can be reached on (571) 272-3913. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). AW, 25 September 2006 




